Search Results

Search found 115763 results on 4631 pages for 'new tab page'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 9/4631 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • How to get the if the Page is Liked in my Facebook Application page

    - by Axe
    I'm using the Facebook sdk from codeplex I've tried the suggestion at How to get the Page Id in my Facebook Application page which is this: if (FacebookWebContext.Current.SignedRequest != null) { dynamic data = FacebookWebContext.Current.SignedRequest.Data; if (data.page != null) { var pageId = (String)data.page.id; var isUserAdmin = (Boolean)data.page.admin; var userLikesPage = (Boolean)data.page.liked; } else { // not on a page } } But my data.page is null. Do I need to ask for some extra permissions on the authorization or something? Also tried this the FQL suggested at http://blog.woodylabs.com/2010/09/facebook-graph-api-is-user-a-fan-of-page-id-using-fql-and-opengraph-to-mimic-pages-isfan/ But I only have an appId not a page ID. Any ideas?

    Read the article

  • App disappears from Win7's ALT-TAB list sometimes

    - by Mason Wheeler
    I've been having some trouble with one of my Delphi 2010 projects lately. It seems that sometimes, when I have a form open as a modal dialog, the app stops showing up in the ALT-TAB list until I close the dialog. It's still in the Taskbar, but not in ALT-TAB, which means I can't switch to it without using the mouse. Running under Windows 7, 64-bit. Has anyone seen this before? Any idea what causes it and how to fix it?

    Read the article

  • Facebook: I became Admin of a Page but can't edit it

    - by Michael G.
    Hello! I'm testing around with facebook and made a test-page with a workmate. He made me an admin. I clicked the link in the mail from facebook, i got to the side and there's no "edit the page" link under the picture. So we added an other workmate as admin. Even he isn't supposed to edit the page. What can it be?

    Read the article

  • Tabs Visual Manager Adds Thumbnailed Tab Switching to Chrome

    - by ETC
    If you rock a bunch of tabs and sometimes need a little visual reminder to recall where you left a tab you’re looking for, Tabs Visual Manager thumbnails all your tabs for easy visual switching. Install Tabs Visual Manager, restart Chrome, and anytime you need to find a tab you can click on the Tabs Visual Manager icon in the toolbar. By default it opens a new tab with all your tab thumbnails, we found it was more convenient to switch it to pop-up mode (wherein it pops up a smaller menu from the icon itself instead of a whole new tab). Tabs Visual Manager is a free extension and works wherever Chrome does. Hit up the link below to read more and grab a copy. Tabs Visual Manager [Google Chrome Extensions] Latest Features How-To Geek ETC Should You Delete Windows 7 Service Pack Backup Files to Save Space? What Can Super Mario Teach Us About Graphics Technology? Windows 7 Service Pack 1 is Released: But Should You Install It? How To Make Hundreds of Complex Photo Edits in Seconds With Photoshop Actions How to Enable User-Specific Wireless Networks in Windows 7 How to Use Google Chrome as Your Default PDF Reader (the Easy Way) Reclaim Vertical UI Space by Moving Your Tabs to the Side in Firefox Wind and Water: Puzzle Battles – An Awesome Game for Linux and Windows How Star Wars Changed the World [Infographic] Tabs Visual Manager Adds Thumbnailed Tab Switching to Chrome Daisies and Rye Swaying in the Summer Wind Wallpaper Read On Phone Pushes Data from Your Desktop to the Appropriate Android App

    Read the article

  • SEO Friendly URL for search keywords

    - by Kyojimaru
    I have a website where you can search for a brands, item, and content inside my web. It was designed with tab for each search type, but I want to make the url when changing the tab user friendly and good for SEO. Is it better to have a url for search result like this www.example.com/search/{search_keyword}/{tab} or www.example.com/search/{search_keyword}?tab={tab} or www.example.com/search/?search={search_keyword}&tab={tab} where {search_keyword} is the keyword that user input, and {tab} is either brands / item / content, because when I look at facebook, stackoverflow, and some other website, they use query string for their search keyword Edit My past url is only www.example.com/search/{search_keyword}, and I just added the tab design recently. Consider that I should go with option 1 from the above option, should I make www.example.com/search/{search_keyword} the default for 1 of the 3 tab, and make the other 2 tab with www.example.com/search/{search_keyword}/{tab} to retain the score for the page, or should I make all the tab url with www.example.com/search/{search_keyword}/{tab} and use a permanent redirect from www.example.com/search/{search_keyword} to one of the url tab

    Read the article

  • Page Load Time - "Waiting on..." taking ages. What part of page request process is hung?

    - by James
    I have a new cluster site running on Magento that's on a development server that is made up of 2 x web servers and 1 x database server. I have optimized the site in all areas I know (gzip, increasing php memory limits, increasing database memory limits etc) but sometimes the page loading gets stuck on 'waiting for xxx.xx.xx.xxx' (Chrome and other broswers, chrome just shows it that way). It can sit there for 40 + seconds, sometimes it just never loads and I close it in frustration. What part of the page loading process is this hung at? Is it a server issue, database issue, platform issue? I need to know where to start or whether to push the hosting provider about it.

    Read the article

  • update data after click tab

    - by alkitbi
    I want to add to this simple file ... When you click on a tab updated contents of the page or reload . <script type="text/javascript" src="yetii.js"></script> <script type="text/javascript" src="yetii-min.js"></script> <div class="Tabber"><div id="aldirazi"><ul id="aldirazi-nav"><li><a href="#UAEDES1">page1</a></li> </ul><div id="aldirazi-tabs"> <div class="tab" id="UAEDES1"> <? include("page1.php");?></div> </div> </div> </div> <script type="text/javascript"> var tabber1 = new Yetii({ id: 'aldirazi', persist: true }); </script>

    Read the article

  • Create a Customized Tab on the Office 2010 Ribbon

    - by Mysticgeek
    Some MS Office users were put off a bit by the Ribbon feature in 2007 for being cumbersome and confusing. Today we look at a cool new feature in Office 2010 that allows you to create your own custom tabs with specific commands for easier document creation. Create a Customized Tab In our example we’re using Word, but you can create a custom tab in the other Office apps as well. To do so, right-click on the Ribbon and select Customize the Ribbon. The Word Options screen opens up and from here you can manage a lot of customization options. We want to create a new customized tab, so click on the New Tab button.   Now give it a name… Now just drag the commands you want to add from the left column over to your new custom group. You have every command available to choose from. You can select specific groups or all commands from the dropdown menu on the left. That is all there is to it…now you have your own customized tab with the commands you use most often to help you work more efficiently. In this example We didn’t add a whole lot of commands, but you can customize it with as many as you need. You can also create other tabs with different sets of commands too. When you create a customized tab in one application, it’s only going to be in that app. For example if you create on in Word, it’s not going to show in Excel as commands differ between apps. If you want a custom tab in another Office app you’ll need to create one for it. Another very cool thing you can do is export the customizations to use on another machine or pass them to a coworker. To export the customizations, go to the Customize Ribbon section and at the bottom of the right field click Import/Export then Export all customizations. Then save the file to a location on your hard drive.   To import the settings to another machine, go into Ribbon Customizations and select Import customizations file… then browse the the file you exported. You’ll be prompted to confirm you want to import he customizations… After confirming the choice now you’ll see the customization show up on the other machine. This is very handy if you work on several machines throughout the day and want to easily bring your customized tabs with you. If you find yourself using a lot of specific commands throughout the day, creating your own customized tab will help access them more quickly. If you want to test out Office 2010 it’s currently in Public Beta and can be downloaded for free. Download Office 2010 Beta Similar Articles Productive Geek Tips Maximize Space by "Auto-Hiding" the Ribbon in Office 2007Make Learning Office 2007 & 2010 Fun with Ribbon HeroAdd or Remove Apps from the Microsoft Office 2007 or 2010 SuiteHow To Bring Back the Old Menus in Office 2007How To Take Screenshots with Word 2010 TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Enable Check Box Selection in Windows 7 OnlineOCR – Free OCR Service Betting on the Blind Side, a Vanity Fair article 30 Minimal Logo Designs that Say More with Less LEGO Digital Designer – Free Create a Personal Website Quickly using Flavors.me

    Read the article

  • Create a Customized Tab on the Office 2010 Ribbon

    - by Mysticgeek
    Some MS Office users were put off a bit by the Ribbon feature in 2007 for being cumbersome and confusing. Today we look at a cool new feature in Office 2010 that allows you to create your own custom tabs with specific commands for easier document creation. Create a Customized Tab In our example we’re using Word, but you can create a custom tab in the other Office apps as well. To do so, right-click on the Ribbon and select Customize the Ribbon. The Word Options screen opens up and from here you can manage a lot of customization options. We want to create a new customized tab, so click on the New Tab button.   Now give it a name… Now just drag the commands you want to add from the left column over to your new custom group. You have every command available to choose from. You can select specific groups or all commands from the dropdown menu on the left. That is all there is to it…now you have your own customized tab with the commands you use most often to help you work more efficiently. In this example We didn’t add a whole lot of commands, but you can customize it with as many as you need. You can also create other tabs with different sets of commands too. When you create a customized tab in one application, it’s only going to be in that app. For example if you create on in Word, it’s not going to show in Excel as commands differ between apps. If you want a custom tab in another Office app you’ll need to create one for it. Another very cool thing you can do is export the customizations to use on another machine or pass them to a coworker. To export the customizations, go to the Customize Ribbon section and at the bottom of the right field click Import/Export then Export all customizations. Then save the file to a location on your hard drive.   To import the settings to another machine, go into Ribbon Customizations and select Import customizations file… then browse the the file you exported. You’ll be prompted to confirm you want to import he customizations… After confirming the choice now you’ll see the customization show up on the other machine. This is very handy if you work on several machines throughout the day and want to easily bring your customized tabs with you. If you find yourself using a lot of specific commands throughout the day, creating your own customized tab will help access them more quickly. If you want to test out Office 2010 it’s currently in Public Beta and can be downloaded for free. Download Office 2010 Beta Similar Articles Productive Geek Tips Maximize Space by "Auto-Hiding" the Ribbon in Office 2007Make Learning Office 2007 & 2010 Fun with Ribbon HeroAdd or Remove Apps from the Microsoft Office 2007 or 2010 SuiteHow To Bring Back the Old Menus in Office 2007How To Take Screenshots with Word 2010 TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 PCmover Professional Enable Check Box Selection in Windows 7 OnlineOCR – Free OCR Service Betting on the Blind Side, a Vanity Fair article 30 Minimal Logo Designs that Say More with Less LEGO Digital Designer – Free Create a Personal Website Quickly using Flavors.me

    Read the article

  • Loading main javascript on every page? Or breaking it up to relevant pages?

    - by Kyle
    I have a 700kb decompressed JS file which is loaded on every page. Before I had 12 javascript files on each page but to reduce http requests I compressed them all into 1 file. This file is ~130kb gzipped and is served over gzip. However on the local computer it is still unpacked and loaded on every page. Is this a performance issue? I've profiled the javascript with firebug profiler but did not see any issues. The problem/illusion I am facing is there are jquery libraries compressed in that file that are sometimes not used on the current page. For example jquery datatables is 200kb compressed and that is only loaded on 2 of my website pages. Another is jqplot and that is another 200kb. I now have 400kb of excess code that isn't executed on 80% of the pages. Should I leave everything in 1 file? Should I take out the jquery libraries and load only relevant JS on the current page?

    Read the article

  • What is the impact of a CMS on page load time versus a static site?

    - by PleaseStand
    I am creating a 20-page site that will go on shared hosting. Each page will be about 20 KB (including HTML, CSS, and images common to all pages). To avoid manually adding navigation elements to each page, I am considering using a CMS. However, I am concerned that on a busy server, using a CMS would make the site load more slowly. In a shared hosting environment where PHP is run as a CGI binary, how much does a CMS (WordPress, Drupal, etc.) generally affect page load time, compared to both "plain HTML" static sites and those using PHP as merely a templating language?

    Read the article

  • Is it possible to have tab completion of drop-down lists in web pages in Firefox?

    - by Nick Booker
    Does anyone know of a Firefox plugin that would enable tab-completion (or some other key sequence like Alt-L) of items in drop-down lists in web forms? e.g. ou<TAB>in<TAB>s<TAB> for 'OurCompany - Internal Support' Vimperator's hints mode makes it very ergonomic to focus the drop-down list with a key sequence like f13 but the keyboard interface to the drop-down list still sucks. I very frequently have to pick items from a very long list with very long common prefixes among the entries (e.g. 30-40 starting with OurCompany -), which renders both the built-in keyboard interface and the mouse pretty slow and unergonomic. I basically want readline support for filling webforms!

    Read the article

  • ASP.Net Cross Page Posting

    - by John
    Currently I have two pages: The first page contains an input form, and the 2nd page generates an excel document. The input form's button posts to this 2nd page. What I'd like to do is add a second button which also posts to the 2nd page; however, I'll need requests created from this new button to act differently, which brings me to my question: Is there a way I can tell, from the 2nd page, which button was pressed to submit the request? The main reason I'm asking is I'd like to re-use the 2nd page's logic in parsing the information from the first page if possible; I'd rather not have to copy it to a new page and have the new button post to that. Thanks!

    Read the article

  • Access &lt;body element from content page via a nested master page

    - by danwellman
    All I want to do is access the <body element from the code-behind of a content page and add a class name to it. I have a top-level master page with the <body element in it. Then I have a nested master page which is the master page for the content page. From the code behind of the content page I want to add a class name to the body element. That's all. I have this in the top-level master: <body id="bodyNode" runat="server"> I added this to the code-behind for the content page: Master.bodyNode.Attributes.add("class", "home-page"); And I get a message that: System.Web.UI.MasterPage' does not contain a definition for 'bodyNode If I add this to the aspx content page: <% @ MasterType VirtualPath="~/MasterPage.master"%> The message then changes to: bodyNode is inaccessible due to its protection level Please advise, I've wasted like 2 hours on what feels like something that should be really simple to do :(

    Read the article

  • Flash Mouse.hide() cmd+tab(alt+tab) bring the mouse back

    - by DickieBoy
    Having a bit of trouble with Mouse.show() and losing focus of the swf This isn't my demo: but its showing the same bug http://www.foundation-flash.com/tutorials/as3customcursors/ What i do to recreate it is: mouse over the swf, hit cmd+tab to highlight another window, result is that the mouse is not brought back and is still invisible, (to get it back go to the window bar at the top of the screen and click something). I have an area in which movement is detected and an image Things I have tried package { import flash.display.Sprite; import flash.display.MovieClip; import com.greensock.*; import flash.events.*; import flash.utils.Timer; import flash.events.TimerEvent; import flash.utils.*; import flash.ui.Mouse; public class mousey_movey extends MovieClip { public var middle_of_the_flash; //pixels per second public var speeds = [0,1,3,5,10]; public var speed; public var percentage_the_mouse_is_across_the_screen; public var mouse_over_scrollable_area:Boolean; public var image_move_interval; public function mousey_movey() { middle_of_the_flash = stage.stageWidth/2; hot_area_for_movement.addEventListener(MouseEvent.MOUSE_OVER, mouseEnter); hot_area_for_movement.addEventListener(MouseEvent.MOUSE_OUT, mouseLeave); hot_area_for_movement.addEventListener(MouseEvent.MOUSE_MOVE, mouseMove); stage.addEventListener(Event.MOUSE_LEAVE, show_mouse); stage.addEventListener(MouseEvent.MOUSE_OUT, show_mouse); stage.addEventListener(Event.DEACTIVATE,show_mouse); hot_area_for_movement.alpha=0; hot_area_for_movement.x=0; hot_area_for_movement.y=34; } public function show_mouse(e) { trace(e.type) trace('show_mouse') Mouse.show(); } public function onActivate(e) { trace('activate'); Mouse.show(); } public function onDeactivate(e) { trace('deactivate'); } public function get_speed(percantage_from_middle):int { if(percantage_from_middle > 80) { return speeds[4] } else { if(percantage_from_middle > 60) { return speeds[3] } else { if(percantage_from_middle > 40) { return speeds[2] } else { if(percantage_from_middle > 20) { return speeds[1] } else { return 0; } } } } } public function mouseLeave(e:Event):void{ Mouse.show(); clearInterval(image_move_interval); } public function mouseEnter(e:Event):void{ Mouse.hide(); image_move_interval = setInterval(moveImage,1); } public function mouseMove(e:Event):void { percentage_the_mouse_is_across_the_screen = Math.round(((middle_of_the_flash-stage.mouseX)/middle_of_the_flash)*100); speed = get_speed(Math.abs(percentage_the_mouse_is_across_the_screen)); airplane_icon.x = stage.mouseX; airplane_icon.y = stage.mouseY; } public function stageMouseMove(e:Event):void{ Mouse.show(); } public function moveImage():void { if(percentage_the_mouse_is_across_the_screen > 0) { moving_image.x+=speed; airplane_icon.scaleX = -1; } else { moving_image.x-=speed; airplane_icon.scaleX = 1; } } } } Nothing too fancy, im just scrolling an image left of right at a speed which is generated by how far you are from the middle of the stage, and making an airplane moveclip follow the mouse. The events: stage.addEventListener(Event.MOUSE_LEAVE, show_mouse); stage.addEventListener(MouseEvent.MOUSE_OUT, show_mouse); stage.addEventListener(Event.DEACTIVATE,show_mouse); All fire and work correctly when in the browser, seem a little buggy when running a test through flash, was expecting this as ive experienced it before. The deactivate call even runs when testing and cmd+tabbing but shows no mouse. Any help on the matter is appreciated Thanks, Dickie

    Read the article

  • Python - Nested List to Tab Delimited File?

    - by Seafoid
    Hi, I have a nested list comprising ~30,000 sub-lists, each with three entries, e.g., nested_list = [['x', 'y', 'z'], ['a', 'b', 'c']]. I wish to create a function in order to output this data construct into a tab delimited format, e.g., x y z a b c Any help greatly appreciated! Thanks in advance, Seafoid.

    Read the article

  • ADO Access Tab button

    - by CREFLY
    Hello I moved my access apllication from DAO into ADO connection. It works better but I am encountering a problem when I enter a value in a form's field then I push the tab button the screen takes me to the first fields of the form and I lose my activecontrol which is the control of the field in which i enter the value. N.B.: If I clicked the cursor using the mouse after applying the value in the specified field, it works properly... Any help will highly appreciated

    Read the article

  • render tab characters in html

    - by Midhat
    I have to render some text to a web page. The text is coming from sources outside my control and it is formatted using \n and\t Now \n can be replaced by a <br> but what about \t. A brief search reveals there is no way to render tab characters in html, bu there has to be a workaround. Anyone?

    Read the article

  • Security Issues with Single Page Apps

    - by Stephen.Walther
    Last week, I was asked to do a code review of a Single Page App built using the ASP.NET Web API, Durandal, and Knockout (good stuff!). In particular, I was asked to investigate whether there any special security issues associated with building a Single Page App which are not present in the case of a traditional server-side ASP.NET application. In this blog entry, I discuss two areas in which you need to exercise extra caution when building a Single Page App. I discuss how Single Page Apps are extra vulnerable to both Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks. This goal of this blog post is NOT to persuade you to avoid writing Single Page Apps. I’m a big fan of Single Page Apps. Instead, the goal is to ensure that you are fully aware of some of the security issues related to Single Page Apps and ensure that you know how to guard against them. Cross-Site Scripting (XSS) Attacks According to WhiteHat Security, over 65% of public websites are open to XSS attacks. That’s bad. By taking advantage of XSS holes in a website, a hacker can steal your credit cards, passwords, or bank account information. Any website that redisplays untrusted information is open to XSS attacks. Let me give you a simple example. Imagine that you want to display the name of the current user on a page. To do this, you create the following server-side ASP.NET page located at http://MajorBank.com/SomePage.aspx: <%@Page Language="C#" %> <html> <head> <title>Some Page</title> </head> <body> Welcome <%= Request["username"] %> </body> </html> Nothing fancy here. Notice that the page displays the current username by using Request[“username”]. Using Request[“username”] displays the username regardless of whether the username is present in a cookie, a form field, or a query string variable. Unfortunately, by using Request[“username”] to redisplay untrusted information, you have now opened your website to XSS attacks. Here’s how. Imagine that an evil hacker creates the following link on another website (hackers.com): <a href="/SomePage.aspx?username=<script src=Evil.js></script>">Visit MajorBank</a> Notice that the link includes a query string variable named username and the value of the username variable is an HTML <SCRIPT> tag which points to a JavaScript file named Evil.js. When anyone clicks on the link, the <SCRIPT> tag will be injected into SomePage.aspx and the Evil.js script will be loaded and executed. What can a hacker do in the Evil.js script? Anything the hacker wants. For example, the hacker could display a popup dialog on the MajorBank.com site which asks the user to enter their password. The script could then post the password back to hackers.com and now the evil hacker has your secret password. ASP.NET Web Forms and ASP.NET MVC have two automatic safeguards against this type of attack: Request Validation and Automatic HTML Encoding. Protecting Coming In (Request Validation) In a server-side ASP.NET app, you are protected against the XSS attack described above by a feature named Request Validation. If you attempt to submit “potentially dangerous” content — such as a JavaScript <SCRIPT> tag — in a form field or query string variable then you get an exception. Unfortunately, Request Validation only applies to server-side apps. Request Validation does not help in the case of a Single Page App. In particular, the ASP.NET Web API does not pay attention to Request Validation. You can post any content you want – including <SCRIPT> tags – to an ASP.NET Web API action. For example, the following HTML page contains a form. When you submit the form, the form data is submitted to an ASP.NET Web API controller on the server using an Ajax request: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <form data-bind="submit:submit"> <div> <label> User Name: <input data-bind="value:user.userName" /> </label> </div> <div> <label> Email: <input data-bind="value:user.email" /> </label> </div> <div> <input type="submit" value="Submit" /> </div> </form> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { user: { userName: ko.observable(), email: ko.observable() }, submit: function () { $.post("/api/users", ko.toJS(this.user)); } }; ko.applyBindings(viewModel); </script> </body> </html> The form above is using Knockout to bind the form fields to a view model. When you submit the form, the view model is submitted to an ASP.NET Web API action on the server. Here’s the server-side ASP.NET Web API controller and model class: public class UsersController : ApiController { public HttpResponseMessage Post(UserViewModel user) { var userName = user.UserName; return Request.CreateResponse(HttpStatusCode.OK); } } public class UserViewModel { public string UserName { get; set; } public string Email { get; set; } } If you submit the HTML form, you don’t get an error. The “potentially dangerous” content is passed to the server without any exception being thrown. In the screenshot below, you can see that I was able to post a username form field with the value “<script>alert(‘boo’)</script”. So what this means is that you do not get automatic Request Validation in the case of a Single Page App. You need to be extra careful in a Single Page App about ensuring that you do not display untrusted content because you don’t have the Request Validation safety net which you have in a traditional server-side ASP.NET app. Protecting Going Out (Automatic HTML Encoding) Server-side ASP.NET also protects you from XSS attacks when you render content. By default, all content rendered by the razor view engine is HTML encoded. For example, the following razor view displays the text “<b>Hello!</b>” instead of the text “Hello!” in bold: @{ var message = "<b>Hello!</b>"; } @message   If you don’t want to render content as HTML encoded in razor then you need to take the extra step of using the @Html.Raw() helper. In a Web Form page, if you use <%: %> instead of <%= %> then you get automatic HTML Encoding: <%@ Page Language="C#" %> <% var message = "<b>Hello!</b>"; %> <%: message %> This automatic HTML Encoding will prevent many types of XSS attacks. It prevents <script> tags from being rendered and only allows &lt;script&gt; tags to be rendered which are useless for executing JavaScript. (This automatic HTML encoding does not protect you from all forms of XSS attacks. For example, you can assign the value “javascript:alert(‘evil’)” to the Hyperlink control’s NavigateUrl property and execute the JavaScript). The situation with Knockout is more complicated. If you use the Knockout TEXT binding then you get HTML encoded content. On the other hand, if you use the HTML binding then you do not: <!-- This JavaScript DOES NOT execute --> <div data-bind="text:someProp"></div> <!-- This Javacript DOES execute --> <div data-bind="html:someProp"></div> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { someProp : "<script>alert('Evil!')<" + "/script>" }; ko.applyBindings(viewModel); </script>   So, in the page above, the DIV element which uses the TEXT binding is safe from XSS attacks. According to the Knockout documentation: “Since this binding sets your text value using a text node, it’s safe to set any string value without risking HTML or script injection.” Just like server-side HTML encoding, Knockout does not protect you from all types of XSS attacks. For example, there is nothing in Knockout which prevents you from binding JavaScript to a hyperlink like this: <a data-bind="attr:{href:homePageUrl}">Go</a> <script src="Scripts/jquery-1.7.1.min.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { homePageUrl: "javascript:alert('evil!')" }; ko.applyBindings(viewModel); </script> In the page above, the value “javascript:alert(‘evil’)” is bound to the HREF attribute using Knockout. When you click the link, the JavaScript executes. Cross-Site Request Forgery (CSRF) Attacks Cross-Site Request Forgery (CSRF) attacks rely on the fact that a session cookie does not expire until you close your browser. In particular, if you visit and login to MajorBank.com and then you navigate to Hackers.com then you will still be authenticated against MajorBank.com even after you navigate to Hackers.com. Because MajorBank.com cannot tell whether a request is coming from MajorBank.com or Hackers.com, Hackers.com can submit requests to MajorBank.com pretending to be you. For example, Hackers.com can post an HTML form from Hackers.com to MajorBank.com and change your email address at MajorBank.com. Hackers.com can post a form to MajorBank.com using your authentication cookie. After your email address has been changed, by using a password reset page at MajorBank.com, a hacker can access your bank account. To prevent CSRF attacks, you need some mechanism for detecting whether a request is coming from a page loaded from your website or whether the request is coming from some other website. The recommended way of preventing Cross-Site Request Forgery attacks is to use the “Synchronizer Token Pattern” as described here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet When using the Synchronizer Token Pattern, you include a hidden input field which contains a random token whenever you display an HTML form. When the user opens the form, you add a cookie to the user’s browser with the same random token. When the user posts the form, you verify that the hidden form token and the cookie token match. Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC ASP.NET gives you a helper and an action filter which you can use to thwart Cross-Site Request Forgery attacks. For example, the following razor form for creating a product shows how you use the @Html.AntiForgeryToken() helper: @model MvcApplication2.Models.Product <h2>Create Product</h2> @using (Html.BeginForm()) { @Html.AntiForgeryToken(); <div> @Html.LabelFor( p => p.Name, "Product Name:") @Html.TextBoxFor( p => p.Name) </div> <div> @Html.LabelFor( p => p.Price, "Product Price:") @Html.TextBoxFor( p => p.Price) </div> <input type="submit" /> } The @Html.AntiForgeryToken() helper generates a random token and assigns a serialized version of the same random token to both a cookie and a hidden form field. (Actually, if you dive into the source code, the AntiForgeryToken() does something a little more complex because it takes advantage of a user’s identity when generating the token). Here’s what the hidden form field looks like: <input name=”__RequestVerificationToken” type=”hidden” value=”NqqZGAmlDHh6fPTNR_mti3nYGUDgpIkCiJHnEEL59S7FNToyyeSo7v4AfzF2i67Cv0qTB1TgmZcqiVtgdkW2NnXgEcBc-iBts0x6WAIShtM1″ /> And here’s what the cookie looks like using the Google Chrome developer toolbar: You use the [ValidateAntiForgeryToken] action filter on the controller action which is the recipient of the form post to validate that the token in the hidden form field matches the token in the cookie. If the tokens don’t match then validation fails and you can’t post the form: public ActionResult Create() { return View(); } [ValidateAntiForgeryToken] [HttpPost] public ActionResult Create(Product productToCreate) { if (ModelState.IsValid) { // save product to db return RedirectToAction("Index"); } return View(); } How does this all work? Let’s imagine that a hacker has copied the Create Product page from MajorBank.com to Hackers.com – the hacker grabs the HTML source and places it at Hackers.com. Now, imagine that the hacker trick you into submitting the Create Product form from Hackers.com to MajorBank.com. You’ll get the following exception: The Cross-Site Request Forgery attack is blocked because the anti-forgery token included in the Create Product form at Hackers.com won’t match the anti-forgery token stored in the cookie in your browser. The tokens were generated at different times for different users so the attack fails. Preventing Cross-Site Request Forgery Attacks with a Single Page App In a Single Page App, you can’t prevent Cross-Site Request Forgery attacks using the same method as a server-side ASP.NET MVC app. In a Single Page App, HTML forms are not generated on the server. Instead, in a Single Page App, forms are loaded dynamically in the browser. Phil Haack has a blog post on this topic where he discusses passing the anti-forgery token in an Ajax header instead of a hidden form field. He also describes how you can create a custom anti-forgery token attribute to compare the token in the Ajax header and the token in the cookie. See: http://haacked.com/archive/2011/10/10/preventing-csrf-with-ajax.aspx Also, take a look at Johan’s update to Phil Haack’s original post: http://johan.driessen.se/posts/Updated-Anti-XSRF-Validation-for-ASP.NET-MVC-4-RC (Other server frameworks such as Rails and Django do something similar. For example, Rails uses an X-CSRF-Token to prevent CSRF attacks which you generate on the server – see http://excid3.com/blog/rails-tip-2-include-csrf-token-with-every-ajax-request/#.UTFtgDDkvL8 ). For example, if you are creating a Durandal app, then you can use the following razor view for your one and only server-side page: @{ Layout = null; } <!DOCTYPE html> <html> <head> <title>Index</title> </head> <body> @Html.AntiForgeryToken() <div id="applicationHost"> Loading app.... </div> @Scripts.Render("~/scripts/vendor") <script type="text/javascript" src="~/App/durandal/amd/require.js" data-main="/App/main"></script> </body> </html> Notice that this page includes a call to @Html.AntiForgeryToken() to generate the anti-forgery token. Then, whenever you make an Ajax request in the Durandal app, you can retrieve the anti-forgery token from the razor view and pass the token as a header: var csrfToken = $("input[name='__RequestVerificationToken']").val(); $.ajax({ headers: { __RequestVerificationToken: csrfToken }, type: "POST", dataType: "json", contentType: 'application/json; charset=utf-8', url: "/api/products", data: JSON.stringify({ name: "Milk", price: 2.33 }), statusCode: { 200: function () { alert("Success!"); } } }); Use the following code to create an action filter which you can use to match the header and cookie tokens: using System.Linq; using System.Net.Http; using System.Web.Helpers; using System.Web.Http.Controllers; namespace MvcApplication2.Infrastructure { public class ValidateAjaxAntiForgeryToken : System.Web.Http.AuthorizeAttribute { protected override bool IsAuthorized(HttpActionContext actionContext) { var headerToken = actionContext .Request .Headers .GetValues("__RequestVerificationToken") .FirstOrDefault(); ; var cookieToken = actionContext .Request .Headers .GetCookies() .Select(c => c[AntiForgeryConfig.CookieName]) .FirstOrDefault(); // check for missing cookie or header if (cookieToken == null || headerToken == null) { return false; } // ensure that the cookie matches the header try { AntiForgery.Validate(cookieToken.Value, headerToken); } catch { return false; } return base.IsAuthorized(actionContext); } } } Notice that the action filter derives from the base AuthorizeAttribute. The ValidateAjaxAntiForgeryToken only works when the user is authenticated and it will not work for anonymous requests. Add the action filter to your ASP.NET Web API controller actions like this: [ValidateAjaxAntiForgeryToken] public HttpResponseMessage PostProduct(Product productToCreate) { // add product to db return Request.CreateResponse(HttpStatusCode.OK); } After you complete these steps, it won’t be possible for a hacker to pretend to be you at Hackers.com and submit a form to MajorBank.com. The header token used in the Ajax request won’t travel to Hackers.com. This approach works, but I am not entirely happy with it. The one thing that I don’t like about this approach is that it creates a hard dependency on using razor. Your single page in your Single Page App must be generated from a server-side razor view. A better solution would be to generate the anti-forgery token in JavaScript. Unfortunately, until all browsers support a way to generate cryptographically strong random numbers – for example, by supporting the window.crypto.getRandomValues() method — there is no good way to generate anti-forgery tokens in JavaScript. So, at least right now, the best solution for generating the tokens is the server-side solution with the (regrettable) dependency on razor. Conclusion The goal of this blog entry was to explore some ways in which you need to handle security differently in the case of a Single Page App than in the case of a traditional server app. In particular, I focused on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks in the case of a Single Page App. I want to emphasize that I am not suggesting that Single Page Apps are inherently less secure than server-side apps. Whatever type of web application you build – regardless of whether it is a Single Page App, an ASP.NET MVC app, an ASP.NET Web Forms app, or a Rails app – you must constantly guard against security vulnerabilities.

    Read the article

  • Windows 7: Menu 'New->Text document' is missing, when not admin user

    - by Isamux
    Hi, when I'm logged in as a user that is not member of the administrator group the entry to create a new textfile is missing from the right click "New" menu. If I give the user admin rights or start the explorer with admin rights the "New - text document" menu entry magically appears. As far as I can see the registry entries are correct. Anybody got a solution for that side effect of beeing a normal user in windows?? Regards

    Read the article

  • How to lock Firefox tab to domain or URL pattern

    - by f3lix
    I know Firefox extensions that allow protecting (cannot be closed) and locking (cannot change URL) tabs. What I need is an extension that locks a tab to a certain domain or URL pattern. For example, I want to lock a tab to the domain example.com. As long as I follow links that are within this domain the tab should show normal (unlocked) behavior, but if I follow a link to another domain the link should be opened in new tab -- leaving the locked tab open with a URL within the locked domain. Even better would be the functionality to lock a tab to a URL pattern. If a URL matches the pattern it is opened in the current tab, otherwise it is opened in a new tab. Do you know something (preferably an extension for FF 8.0) that provides this kind of functionality.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >